1. Technical Field
The present invention relates generally to web browsing and, in particular, to a method and mechanism for dynamically presenting user data (e.g., basic authentication and cookie information) to a web browser user.
2. Description of the Related Art
The World Wide Web is the Internet's multimedia information retrieval system. In the web environment, a client machine and, in particular, a web browser, effects transactions to web servers using the Hypertext Transfer Protocol (HTTP), which is a known application protocol providing users access to files (e.g., text, graphics, images, sound, video, etc.) using a standard page description language known as Hypertext Markup Language (HTML). HTML provides basic document formatting and allows the developer to specify “links” to other servers and files. In the Internet paradigm, a network path to a server is identified by a so-called Uniform Resource Locator (URL) having a special syntax for defining a network connection. Use of an HTML-compatible browser (e.g., Netscape Navigator or Microsoft Internet Explorer) at a client machine involves specification of a link via the URL. In response, the client makes a request to the server identified in the link and, in return, receives a document or other object formatted according to HTML. A collection of documents supported on a web server is sometimes referred to as a web site.
A web browser automatically stores certain user data during the process of the user browsing the Internet. Thus, for example, the HTTP protocol uses so-called “basic authentication” to enable a user to present a login, typically a userid and password, to browse content on a given site. The basic authentication function works as follows. If the user is not logged on to the specified realm, the web server returns an HTTP 401 (Unauthorized) return code as part of the HTTP transaction. When the web browser receives this return code, it displays a dialog box prompting the user for his or her userid and password. This userid/password is then passed along with every HTTP transaction to URLs in the specified realm. The userid and password are not visible to the user thereafter unless the receiving CGI script on the web server wishes to display the value. However, the userid and password are kept for all instances of the web browser as long as a session of the web browser exists.
Thus, once the user logs into a realm, the browser maintains the basic authentication data during the browsing session. After login, however, the basic authentication data is either hidden or not easily accessible to the user, which is undesirable. Thus, for example, assume that an administrator on an intranet has logged in as a simple user but then decides that he or she desires to assume administrative duties. In the prior art, a user cannot log in as a first user and then log in as a second user during the same session without first logging off or closing down the browser.
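The basic authentication behavior described above can be modeled in a few lines. The following Python sketch is an added illustration, not part of the original disclosure: the class `BasicAuthSession`, the function `decode_basic`, the per-host realm lookup, and the host, realm and login values are all assumptions made for the example.

```python
import base64
import re

class BasicAuthSession:
    """Session-lifetime store of Basic logins, keyed by (host, realm)."""

    def __init__(self, prompt):
        self.prompt = prompt       # callable(host, realm) -> (userid, password)
        self.credentials = {}      # (host, realm) -> (userid, password)
        self.realm_of = {}         # host -> realm from the last challenge

    def on_response(self, host, status, headers):
        """On a 401 Basic challenge, prompt once per realm; True means retry."""
        m = re.match(r'\s*Basic\s+realm="([^"]*)"',
                     headers.get("WWW-Authenticate", ""), re.IGNORECASE)
        if status != 401 or m is None:
            return False
        realm = m.group(1)
        self.realm_of[host] = realm
        # Simplification: a cached login that the server rejects is not re-prompted.
        if (host, realm) not in self.credentials:
            self.credentials[(host, realm)] = self.prompt(host, realm)
        return True

    def request_headers(self, host):
        """Authorization header the client adds to every request in the realm."""
        login = self.credentials.get((host, self.realm_of.get(host)))
        if login is None:
            return {}
        token = base64.b64encode(":".join(login).encode()).decode()
        return {"Authorization": "Basic " + token}

def decode_basic(value):
    """Recover (userid, password) from an Authorization header value."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    userid, _, password = base64.b64decode(token).decode().partition(":")
    return userid, password

if __name__ == "__main__":
    # Constructed exchange: host, realm and login are made-up sample values.
    session = BasicAuthSession(lambda host, realm: ("alice", "s3cret"))
    session.on_response("intranet.example", 401,
                        {"WWW-Authenticate": 'Basic realm="staff"'})
    sent = session.request_headers("intranet.example")
    print(sent, decode_basic(sent["Authorization"]))
```

Because the header carries the login in reversible base64 on every request, the stored userid and password are only as confidential as the transport that carries them.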
Another type of user data is a so-called “cookie.” Because HTTP is a stateless protocol, a cookie can be set by a server to customize data to a particular user's web browser. Cookies thus provide a degree of “state” to HTTP. By default, a browser automatically stores cookie data without giving the user the option or knowledge of it being done. When a cookie is set as part of an HTTP transaction, it will include the path the cookie is valid for, the cookie's name and value, and other optional attributes, such as the expiration date for the cookie. In the prior art, a user can configure his or her web browser to show the cookie that the web server is attempting to set in a dialog box along with the options to set or cancel the cookie. After this initial display, the cookie value is unavailable for viewing or modification by the user. The browser may store cookie values in a text file, but this file can only be viewed outside of the browser and may only be updated when the browser is closed.
Thus, like basic authentication data, cookie data typically is not exposed to the user. For example, after a user has agreed to accept cookies, there is no easy way for the user to modify the cookie without first bringing down the browser.
It would be highly desirable to provide a web browser user with more control over what authentication and cookie data is stored on his or her behalf by a web browser or any other HTTP client application. The present invention addresses this problem.